StarMirror/toxcore
1
0
Fork 0
mirror of https://github.com/irungentoo/toxcore.git synced 2024-03-22 13:30:51 +08:00
Code Issues Projects Releases Wiki Activity

additional length >= size checks

Browse Source 
Messenger.c:
- additional size checks
- removed one pointless copying of data, instead using it directly

util.c:
- lost a newline vs. master
This commit is contained in:
Coren[m] 2013-09-16 09:40:47 +02:00
parent 57d10f0a80
commit a069f67ab3
2 changed files with 13 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
toxcore/Messenger.c
View File

@ -1393,6 +1393,9 @@ static int Messenger_load_old(Messenger *m, uint8_t *data, uint32_t length)
length -= sizeof(nospam); length -= sizeof(nospam);
uint32_t size; uint32_t size;
if (length < sizeof(size))
return -1;
memcpy(&size, data, sizeof(size)); memcpy(&size, data, sizeof(size));
data += sizeof(size); data += sizeof(size);
length -= sizeof(size); length -= sizeof(size);
@ -1419,24 +1422,22 @@ static int Messenger_load_old(Messenger *m, uint8_t *data, uint32_t length)
if (!(size % sizeof(Friend))) { if (!(size % sizeof(Friend))) {
uint16_t num = size / sizeof(Friend); uint16_t num = size / sizeof(Friend);
Friend temp[num]; Friend *friend_list = (Friend *)data;
memcpy(temp, data, size);
uint32_t i; uint32_t i;
for (i = 0; i < num; ++i) { for (i = 0; i < num; ++i) {
if (temp[i].status >= 3) { if (friend_list[i].status >= 3) {
int fnum = m_addfriend_norequest(m, temp[i].client_id); int fnum = m_addfriend_norequest(m, friend_list[i].client_id);
setfriendname(m, fnum, temp[i].name, temp[i].name_length); setfriendname(m, fnum, friend_list[i].name, friend_list[i].name_length);
/* set_friend_statusmessage(fnum, temp[i].statusmessage, temp[i].statusmessage_length); */ /* set_friend_statusmessage(fnum, temp[i].statusmessage, temp[i].statusmessage_length); */
} else if (temp[i].status != 0) { } else if (friend_list[i].status != 0) {
/* TODO: This is not a good way to do this. */ /* TODO: This is not a good way to do this. */
uint8_t address[FRIEND_ADDRESS_SIZE]; uint8_t address[FRIEND_ADDRESS_SIZE];
memcpy(address, temp[i].client_id, crypto_box_PUBLICKEYBYTES); memcpy(address, friend_list[i].client_id, crypto_box_PUBLICKEYBYTES);
memcpy(address + crypto_box_PUBLICKEYBYTES, &(temp[i].friendrequest_nospam), sizeof(uint32_t)); memcpy(address + crypto_box_PUBLICKEYBYTES, &(friend_list[i].friendrequest_nospam), sizeof(uint32_t));
uint16_t checksum = address_checksum(address, FRIEND_ADDRESS_SIZE - sizeof(checksum)); uint16_t checksum = address_checksum(address, FRIEND_ADDRESS_SIZE - sizeof(checksum));
memcpy(address + crypto_box_PUBLICKEYBYTES + sizeof(uint32_t), &checksum, sizeof(checksum)); memcpy(address + crypto_box_PUBLICKEYBYTES + sizeof(uint32_t), &checksum, sizeof(checksum));
m_addfriend(m, address, temp[i].info, temp[i].info_size); m_addfriend(m, address, friend_list[i].info, friend_list[i].info_size);
} }
} }
} }
@ -1453,7 +1454,7 @@ static int Messenger_load_old(Messenger *m, uint8_t *data, uint32_t length)
data += sizeof(small_size); data += sizeof(small_size);
length -= sizeof(small_size); length -= sizeof(small_size);
if (length != small_size) if (length < small_size)
return -1; return -1;
setname(m, data, small_size); setname(m, data, small_size);

1
toxcore/util.c
View File

@ -13,6 +13,7 @@
/* for CLIENT_ID_SIZE */ /* for CLIENT_ID_SIZE */
#include "DHT.h" #include "DHT.h"
#include "util.h" #include "util.h"
uint64_t now() uint64_t now()